nprobe: octetDeltaCount Vs. postOctetDeltaCount

Posted in NetFlow, NetFlow Analyzer, Network Traffic Analysis, Third Party Integration on March 4th, 2010 by Jon Mills

We had a customer approach us the other day with an nprobe issue. Apparently, he could see the NetFlow v9 data in Flow View of Scrutinizer, but he couldn’t report on the data. How come?

He sent us a Wireshark packet capture and brought up Flow View. Flow View is a way to see the raw flows (inclusive of all columns) being exported by a device.

Anyway, in Flow View everything looked normal, but then one of our developers spotted the word ‘post’ in front of a couple of important column names. We (and Scrutinizer) expect to see ‘octetDeltaCount’ and instead, the customer had configured nProbe to kick out ‘postOctetDeltaCount’.



Jon Mills
Marketing & Public Relations Manager
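
The same check a collector operator can run against a captured export, as an added example that is not part of the original post or of nProbe or Scrutinizer: it reads the templates out of one NetFlow v9 packet and reports any that carry a ‘post’ counter without the plain one. The sample packet is constructed, the function names are hypothetical, and covering packetDeltaCount as well as octetDeltaCount goes beyond the one field the post names.

```python
import struct

# IANA IPFIX element IDs; NetFlow v9 uses the same numbers for these fields.
NAMES = {1: "octetDeltaCount", 2: "packetDeltaCount",
         23: "postOctetDeltaCount", 24: "postPacketDeltaCount"}
POST_OF = {1: 23, 2: 24}  # plain counter -> its "post" variant

def parse_v9_templates(packet: bytes) -> dict:
    """Return {template_id: [field_type, ...]} for one NetFlow v9 export packet."""
    if len(packet) < 20 or struct.unpack_from("!H", packet, 0)[0] != 9:
        raise ValueError("not a NetFlow v9 export packet")
    templates, off = {}, 20                      # FlowSets follow the 20-byte header
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("FlowSet length runs past the packet")
        pos, end = off + 4, off + fs_len
        while fs_id == 0 and pos + 4 <= end:     # FlowSet ID 0 carries templates
            tid, nfields = struct.unpack_from("!HH", packet, pos)
            if tid < 256:                        # trailing padding, not a template
                break
            pos += 4
            if pos + 4 * nfields > end:
                raise ValueError("template record is truncated")
            templates[tid] = [struct.unpack_from("!HH", packet, pos + 4 * i)[0]
                              for i in range(nfields)]
            pos += 4 * nfields
        off += fs_len
    return templates

def missing_counters(fields: list) -> list:
    """Report 'post' counters that are exported without the plain counter."""
    return [f"{NAMES[post]} exported without {NAMES[plain]}"
            for plain, post in POST_OF.items()
            if post in fields and plain not in fields]

# Constructed sample: template 256 with source/destination IPv4 address
# (elements 8 and 12) and only the "post" byte and packet counters.
_record = struct.pack("!HH", 256, 4) + b"".join(
    struct.pack("!HH", ftype, 4) for ftype in (8, 12, 23, 24))
SAMPLE = (struct.pack("!HHIIII", 9, 1, 0, 0, 0, 0)
          + struct.pack("!HH", 0, 4 + len(_record)) + _record)

if __name__ == "__main__":
    for tid, fields in parse_v9_templates(SAMPLE).items():
        for finding in missing_counters(fields):
            print(f"template {tid}: {finding}")
```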

How to Configure Windows nProbe to Send NetFlow

Posted in NetFlow, Network Traffic Analysis on February 23rd, 2010 by Paul

You’ve installed Scrutinizer only to find out that your network hardware doesn’t support NetFlow or sFlow; what now? If you’re in this situation then you’ve come to the right place. I’ve put together a guide on how to configure a Windows nProbe to send NetFlow v5 to your favorite NetFlow collector and analyzer.


Paul Dube
Technical Support

My devices don’t support NetFlow, what are my options?

Posted in NetFlow, NetFlow Analyzer, Network Problem Resolution, Network Traffic Analysis, Scrutinizer on April 24th, 2009 by nathanh

So you’ve heard about NetFlow. It’s exactly what you need. But then you find out that none of the network equipment you have supports it.

I hate having to tell customers that our product won’t work with their networks…

I think it’s partly because of the lost customer. However, I think it’s more because smaller networks mean smaller budgets, smaller budgets mean more affordable equipment and more affordable equipment means no Cisco devices. No Cisco devices means no NetFlow…

Knowing what NetFlow can do for a Network Admin makes me wish it was more easily attainable, but in the real world, amazing products warrant big price tags.

However, not having Cisco equipment doesn’t mean all is lost.

If you are really interested in having full visibility on your network, then I invite you to keep reading since we at Plixer would like to offer you a couple alternatives.

Option 1:

If you are running smaller Linksys routers, then maybe consider the firmware update from the company Brainslayer, called DD-WRT. This Linksys firmware update allows options that previously only higher-end routers supported, one of those new features being flow record export. For more information, please refer to this great blog that highlights DD-WRT.

Option 2:

If you are using devices other than the Cisco or Linksys brands, then this might be an acceptable alternative.

Now, even though your devices may not be able to export flows themselves, what if we were to introduce something that could take your traffic and mold it to export as NetFlow? This is exactly what the nProbe software offers.

With nProbe, just install this application on a local Linux server and direct your traffic through the server itself. With nProbe configured and running, it can then export NetFlow record summaries of your traffic to a local NetFlow collector, such as Scrutinizer. nProbe may be a great option for a small business that does not want to purchase new equipment in order to take advantage of NetFlow.

For more information about either option, feel free to take a look at the products on their websites. The extra effort required to get these products running can produce fantastic returns in network visibility.

-Nate


Probe for non NetFlow Capable Gear

Posted in NetFlow, Scrutinizer on January 26th, 2009 by mike@plixer.com

Overview
Seems like every day we have someone uninstall Scrutinizer because they didn’t realize their routers and switches don’t support NetFlow or sFlow. About 3 years ago we released a software package called nProbeLive that was similar to nProbe.

nProbe can be installed on a computer which sits on a mirrored or spanned port of a switch. Basically, it converts the packets seen into NetFlow v5, v9 or IPFIX.

Big Problem
A mirrored port may send in and out traffic ‘OUT’ the spanned port so the nProbe sees it all as ‘IN’ traffic. What’s the problem? It will generally overstate utilization on the interface and it is difficult to determine what was sent vs. received. Explaining this issue became exhausting so we posted an nProbe FAQ on it.

Wireshark or nProbe ?
NetFlow analysis does not give nearly the insight that packet analysis does; however, it causes much less traffic. If you need archiving of high-level information (i.e. who is talking with whom and with what), use nProbe. If you are trying to get juicy details like URLs, etc., use Wireshark.

Scrutinizer Vs. Wireshark
We look at Scrutinizer as being to NetFlow what Wireshark is to packet analysis. The archiving capabilities of NetFlow and sFlow are much more efficient. The details, however, are left to packet analysis.

Michael Patterson
Scrutinizer Product Manager